Accessing the Microsoft Graph API without using the login page

2023-09-06 17:00:28 Author: 游吟诗人

I would like to access a user's OneDrive to upload a document or retrieve a document using the Graph API. I've seen multiple examples over the net which require using the standard login page for the user to log in. You need to get the authorization code from the login page and then use it to get a token, which finally can be used to access a resource like the drive.

I am looking for a way to do this without going through the login page. I can have my own login page where I can request the user to log in.

In short, I want to access the drive resource of the Graph API using a REST client like Postman (right from authorization through to accessing the resource). Is this possible?

Recommended answer

Although this is possible, it's strongly recommended not to do this for individual user access. The Microsoft Graph only supports OAuth 2.0 as its authZ protocol, and we recommend that you use the flows within OAuth where the trusted authority is the one to directly handle login credentials. Allowing application code to provide the forms UI for login credentials would open up the attack vector where your app would have direct access to the user's O365 password, which is not a secure approach.
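The flow the answer recommends, as an added example that is not part of the original question or answer: the OAuth 2.0 authorization-code flow with PKCE against the Microsoft identity platform, ending in a OneDrive upload. The client_id, redirect_uri, state and code values are constructed placeholders; the endpoints and scopes are the real v2.0 ones.

```python
# Added example, not code from the question or the answer. The browser is sent
# to Microsoft's hosted login page, so the app only ever handles a one-time
# authorization code and the resulting bearer token, never the user's password.
# client_id, redirect_uri, state and code values used with it are constructed.
import base64
import hashlib
import secrets
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com/common/oauth2/v2.0"
GRAPH = "https://graph.microsoft.com/v1.0"
SCOPES = "openid offline_access Files.ReadWrite"


def pkce_challenge(verifier: str) -> str:
    """RFC 7636 S256: base64url(SHA-256(verifier)) with padding stripped."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def new_verifier() -> str:
    """43-character high-entropy code_verifier (base64url of 32 random bytes)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")


def authorize_url(client_id, redirect_uri, state, verifier):
    """Step 1: URL the user's browser is sent to; Microsoft renders the login form."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": SCOPES,
        "state": state,  # echoed back on the redirect; reject the callback if it differs
        "code_challenge": pkce_challenge(verifier),
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/authorize?{urlencode(params)}"


def token_request(client_id, redirect_uri, code, verifier):
    """Step 2: form body POSTed to AUTHORITY + '/token'; the verifier proves this
    client started step 1, so an intercepted code alone cannot be redeemed."""
    return {"client_id": client_id, "grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri, "code_verifier": verifier, "scope": SCOPES}


def upload_request(access_token, filename, content):
    """Step 3: simple upload to the OneDrive root, authorised only by the bearer token."""
    return {"method": "PUT", "url": f"{GRAPH}/me/drive/root:/{filename}:/content",
            "headers": {"Authorization": f"Bearer {access_token}",
                        "Content-Type": "application/octet-stream"}, "body": content}
```

The same three requests can be issued from Postman: open the step 1 URL in a browser, paste the returned code into the step 2 POST, then send step 3 with the access_token from the token response.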